DDoS attacks often target a victim's machine to isolate it from the rest of the Internet by overwhelming it with unwanted traffic. Due to the serious threat they pose, numerous defensive strategies have been proposed in the literature and the industry has developed effective techniques to help identify the abusers and combat the attacks. A more sophisticated type of DDoS attack, called the transit-link DDoS attack, instead aims to consume the resources of the intermediate core links rather than attacking the victim's machine directly thereby avoiding attribution. The goal of such attacks is to severely congest one or more of the network links that are used to service the traffic of the victim, hence, causing the victim to experience a denial of service. In this paper, we present the BounceBack attack, which is a novel transit-link DDoS attack that leverages the ICMP protocol to recruit a large number of "unwilling" accomplices to solicit attack traffic from them, creating congestion in certain carefully selected links. The proposed attack has the potential to cause serious problems for ISPs, and makes attribution and mitigation challenging as it relies on reflection, redirection and deception to carry out the bandwidth-exhaustion attack.

Recent studies in the field of Adversarial Machine Learning (AML) have primarily focused on techniques for poisoning and manipulating the Machine Learning (ML) systems for operations such as malware identification and image recognition. While the offensive perspective of such systems is increasingly well documented, the work approaching the problem from the defensive standpoint is sparse. In this paper, we define a metric for quantizing the vulnerability or susceptibility of a given ML model to adversarial manipulation using only properties inherent to the model under examination. This metric will be shown to have several useful properties related to known features of classifier-based ML systems and is intended as a tool to broadly compare the security of various competing ML models based on their maximum potential susceptibility to adversarial manipulation.

This paper proposes a deep Q network (DQN)-based solution framework to minimize UAV's energy consumption in UAV-assisted wireless powered sensor network under the age of information (AoI) constraint, where a UAV wirelessly charges ground sensors and then the sensors use harvested energy to upload their freshly collected information to the UAV. The corresponding non-convex energy-minimization problem is first modeled as a Markov process, and then the state spaces, action spaces and reward function are designed. Simulation results show that the proposed DQN achieves much smaller energy consumption than traditional greedy-based scheme, and when the number of sensors is more than 8, traditional greedy-based scheme becomes very difficult to solve the problem, while our presented DQN method can still find an optimal solution. Moreover, the UAV's energy consumption increases with the decrease of AoI or the increment of sensors' amount, and with the rotation angle constraint, UAV's trajectory becomes smooth.

As video surveillance cameras and various sensors have reached near-universal adoption for IoT applications, the uplink bandwidth demands for cellular networks are diverse and growing fast. Due to the popularity of 5G devices and the increasing deployment of 5G infrastructure, 5G has become a promising technology to meet such uplink demands. However, existing 5G uplink strategies mainly consider the practical 5G coverage issues, and have not focused on meeting the heavy and variable uplink bandwidth demands in the IoT field. In this paper, through introductions on the flexible air interface configuration of 5G NR, we reveal the feasibility of achieving variable uplink bandwidth in 5G cellular networks. We then propose an uplink bandwidth adaptation approach to dynamically set the uplink to downlink time slot ratio through signaling messages for different uplink tasks. Preliminary evaluation results show that our approach can adapt well to the variable uplink throughput of a smart home application. We envision this paper as a brief primer on 5G uplink bandwidth adaptation for interested readers to develop 5G uplink strategies with high user experience.

Incremental reprogramming is one of the key features for managing resource-constrained IoT devices. Nevertheless, existing approaches fall flat in RAM and flask usage due to the increasing firmware size of contemporary IoT applications. In this paper, we advocate S2, a differencing algorithm for reprogramming resource-constrained IoT devices. S2 achieves small memory and flash footprints by leveraging a topological sort based in-place reconstruction mechanism and stream reconstruction technique, as well as smaller delta size by a prediction-based encoding. Evaluation shows that S2 uses 33.3% less memory while reducing at most 42.5% delta size than stateof-the-arts.

While there have been many explorations about the offloading and scheduling of atomic user requests, the incoming requests with task-dependency, which can be represented as Directed Acyclic Graphs (DAG), are rarely investigated in recent works. In this paper, an online-based concurrent request scheduling mechanism is proposed, where the user requests are split into a set of tasks and are assigned to different edge servers in terms of their status. To optimize the requests scheduling policy in each time slot for minimizing the long term average system delay, we model it as an Markov Decision Process (MDP). Further, a Deep Reinforcement Learning (DRL)-based mechanism is applied to promote the scheduling policy and make decision in each step. Extensive experiments are conducted, and evaluation results demonstrate that our proposed DRL based technique can effectively improve the long-term performance of scheduling system, compared with the baseline mechanism.

Software Defined Networking (SDN) has changed the way of designing and managing networks through programmability. However, programmability also introduces security threats. In this work we address the issue of malicious hosts running malicious applications that bypass the standard SDN based detection mechanisms. The SDN security system we are proposing periodically monitors the system calls utilization of the different SDN applications installed, learns from past system behavior using machine learning classifiers, and thus accurately detects the existence of an unusual activity or a malicious application.

The conventional queue-based random access algorithms are designed based on the local queue length in order to achieve the optimal throughput. This design may cause some long-queue nodes to starve when the channel is occupied by the neighbor nodes. To remedy this problem, we propose a queue-based random access algorithm for achieving low delay, by taking not only the local queue information but also the comparison with its neighbors' queue lengths into consideration. The neighbor-aware weights are designed for max-weight scheduling which is asymptotically throughput-optimal. A distributed random access algorithm is proposed to sufficiently approximate the max-weight scheduling. Using simulation, we have shown the proposed neighbor-aware algorithm achieves a significantly lower delay than conventional local queue-based algorithms.

Millimeter-Wave (mmWave) communication is gaining importance in many networking applications due to the potential of wide channel bandwidth enabling multi-gigabit throughput and low delays. In the consumer electronics field, IEEE 802.11ad is already widely available, which has been developed mainly for indoor use cases. This protocol particularly benefits from dynamic beamforming. The communication performance of these algorithms is still little explored in outdoor scenarios. We present results from field measurements of IEEE 802.11ad on the road. We started with static network scenarios and then moved to dynamic scenarios using two cars driving through the city of Berlin. As can be seen from our results, a quite stable communication is possible in static scenarios, but mobile scenarios prevent quick beam alignment and thus significantly impact the performance.

In this work, we evaluate the benefits of applying ensemble machine learning techniques to CPS attack detection, together with the application of data imbalance techniques. We also compare the performance improvements obtained from bagging, boosting, and stacking ensemble techniques. The stacking models that build upon bagging and boosting provide the best detection performance. After scoring both superior detection performance and low computation cost, the "Stack-2" models provide the best detection efficacy and can easily be deployed to production environment and can be scaled for the protection of hundreds of thousands of network flows per second.

With the rapid advancement of Internet of Things (IoT) and social networking application, the clouds is moving towards the network edges. It is foreseeable that more and more data will be processed in edge, and research organizations estimate that over 90% of the data will be stored and processed locally. This paper focus on the resource allocation for the multi-job multi-edge environments. We formulate the allocation problem as the concurrent job scheduling problem (CJSP), which is shown to be NP-complete. We propose the Weight Balance (WB) Algorithm to solve a special case of CJSP and we show that WB is optimal under some conditions. We then expand WB to solve the general CJSP. Extensive simulations demonstrate that the performance of our algorithm at small user and edge scale is almost as good as the optimal algorithm.

We demonstrate a high fidelity seamless fiber-wireless system in the W band for high precision analog waveform transmission. The system is realized using a stable radio-over-fiber transmission and a direct receiver in the W band. Satisfactory performance was experimentally confirmed for 512- and 1024-quadrature amplitude modulation orthogonal frequency division multiplexing signals, showing that the seamless system can provide precise analog waveform transmission of radio-wave signals in future mobile networks.

This poster presents the design, development and test results of an energy consumption analysis module developed over ns3 Millimeter Wave (mmWave) communication for analyzing power consumption for 5G New Radio (NR) User Equipment (UE) during both continuous and discontinuous packet receptions. This module is important to analyze and explore the energy consumption behavior of the 5G communication protocols under the NR technology. The developed module includes the complete Radio Resource Control (RRC) state machine for 5G NR recommended by 3GPP Specification 38.840. To the best of our knowledge, the designed module is the first of its kind that provides a comprehensive energy analysis for the 5G NR UEs over mmWave communication.

Reconfigurable intelligent surface (RIS) as a new antenna technology has triggered a revolution in MIMO networks due to its capability of intelligently reconstructing the propagation environments passively without extra hardware or power consumption. In this paper, we propose the multi-cell RIS-aided MIMO networks where neighbouring BSs are allowed to share the same RIS to mitigate inter-cell interference via RIS-based hybrid beamforming. For sum-rate maximization, a near-optimal distributed algorithm is designed where the BSs negotiate with each other to reach a consensus on the RIS-based beamforming without revealing any information of their serving users. Simulation results show that the proposed scheme achieves a close performance compared to the centralized scheme, and much better than the traditional no-RIS MIMO networks.

At the dawn of the 5G era, 5G networks are expected to expose network capabilities to vertical industries, as an effort of introducing innovative 5G-aware services. This unprecedented aspect in service provisioning over mobile networks implies that the vertical industries should have access to 5G experimentation platforms during the service development process to guarantee compliance and assess the capabilities provided by the underlay network. In this context, we developed and integrated an experimentation platform for automated experimenting over mobile networks, with monitoring and management capabilities, tailored to multimedia services.

Multi-access edge computing (MEC) is a keystone for enabling wide range of vertical applications with diverse quality of service (QoS) requirements over 5G network. With the roll-out of 5G networks across the globe, the mobile network operators (MNOs) are looking forward to generate business-to-business (B2B) revenue by provisioning edge cloud on their networks and hosting the applications of the 3rd party application service providers (ASPs). However, in order to accelerate the adoption of MEC, it is essential to adopt open and standardized service platform as well as a flexible and trustworthy framework for service level agreement (SLA) enforcement. Edge service provisioning will involve strict QoS guarantees for offered edge services based on heterogeneous QoS requirements of different applications, thereby requiring robust, flexible and credible SLA verification and charging as a part of business support system (BSS) of MNO. Conventional cloud SLAs are not suitable due to lack of the flexibility and credibility required for automatic enforcement in a dynamic and heterogeneous environment. To address this challenge, we propose a blockchain-based framework for credible SLA enforcement. The proposed framework leverages smart contracts to provide an immutable solution, and ensures credibility by introducing an auditing mechanism for verifying the SLA violations.

We present Simulation-based Radio (SimbaR), an extension to our open-source prototyping system LAN Radio to couple IEEE 802.11-based communication channels of real world and simulation using commodity hardware. These coupled radio channels enable testing of prototypes (e.g., vehicular ECUs) in large scale simulation studies without the need for changing the IEEE 802.11 access layers (i.e., MAC and PHY) of these devices. However, fairness for channel access has not been investigated for such systems, yet. By applying MAC layer adjustments to the testbed at runtime, SimbaR can control the fairness for channel access between simulated stations and real world prototypes (e.g., an ECU). Besides transceiving information from simulation to the real world and vice versa, SimbaR can recreate interference observed in the simulation in the real world. In first experiments we show the effectiveness of our open-source prototyping approach by highlighting the necessity of proper channel access schemes and interference generation for coupled radio channels.

We explore one of the central obstacles hindering Internet-wide adoption of RPKI: erroneous ROAs. The errors cause the ROV-filtering networks to drop legitimate traffic while leaving them exposed to hijack attacks. The fear of disconnection demotivates enforcement of ROV obviating the security benefits of RPKI. In this work we devise metrics for differentiating errors from traffic hijack attacks and evaluate them experimentally. We develop an extended ROV based on our metrics and integrate it into the ROV implementation of RIPE NCC, we call our extended validator ROV++. Using our ROV++ does not require any changes to the routing infrastructure and is interoperable with the existing RPKI. We evaluate the security of ROV++ via Internet experiments and simulations on empirically derived datasets.

In this work we devise a SSLChecker tool, for testing server side vulnerabilities in SSL/TLS implementations. We integrate into our tool central vulnerabilities exposing to attacks and evaluate SSLChecker over them. The goal of SSLChecker is to help: (1) the web server operators to identify vulnerabilities and mitigate them, and (2) to warn users of accessing potentially vulnerable servers. We set SSLChecker as an publicly available service and provide its code as open source.

Smart metering techniques successfully transmit the electric meter readings from consumers to the operator within the given time constraints. Such techniques require huge energy for transmitting the large-size of data to the long distance. This poster proposes a smart metering system that consumes low energy and less time to transmit electric meter readings successfully. We first propose a lightweight compression model to compress the data at Edge device that is near to the consumer. Next, we transmit the compressed data to the operator using Long-Range network. Finally, we successfully decompress the data at the operator by using a large-size decompression model. Preliminary experimental comparisons with a recent state-of-the-artwork show that the lightweight compression-based system gives better performance with respect to delay and energy.

The European GDPR calls, besides other things, for innovative tools to empower online social networks (OSN) users with transparency over risks of attribute inferences. In this work, we propose a novel transparency-enhancing framework for OSN, PrivInferVis, to help people assess and visualize their individual risks of attribute inference derived from public details from their social graphs in different OSN domains. We propose a weighted Bayesian model as underlying method for attribute inference. A preliminary evaluation shows that our proposal outperforms baseline algorithms on several evaluation metrics significantly. PrivInferVis provides visual interfaces that allow users to explore details about their (inferred and self-disclosed) data and to understand how inference estimates and related scores are derived.

Machine learning models serve as a powerful new technique for detecting malware. However, they are extremely vulnerable to attacks using adversarial examples. Machine learning models that classify Windows Portable Executable (PE) files are challenging to attack using this method due to the difficulty of manipulating executable file formats without compromising their functionality. In this paper, our objective is to propose and develop advanced attacks against models such as MalConv, which forgo feature engineering in favor of ingesting the entire executable file as a raw byte sequence. We will attempt to discover attack methods that are much more sophisticated and difficult to detect than current methods that simply append large amounts of specially-crafted byte sequences to the end of the PE file.

Recently, traffic flow classification has received unprecedented attention due to the introduction of a variety of network applications. Classification plays a crucial role in cybersecurity and network management such as resource allocation. The previous studies have shown quite a good performance, but they require a large number of packets in the flow to identify an associated application. In this paper, we propose a deep learning based model for traffic flow classification with just a few packets. We compute five meaningful statistics from the flow and use them as hand-crafted features in the model. Such features when combined with deep learning features, improve the classification accuracy significantly. We evaluate the effectiveness of the model on a real-world traffic dataset that we collected by using a tcpdump utility of Linux. The initial experimental results show that the model can distinguish the traffic types quite accurately with only 15 packets of the flow by carefully extracting the features from the data.

We perform the first post EU General Data Protection Regulation (GDPR) readability study of privacy policies for mobile apps. For our analysis, we collect a dataset of historical (prior to GDPR implementation in May 2018) and contemporary privacy policies in different categories. In contrast to the common belief, that after the GDPR most of the privacy policies are easier to understand, our analysis shows that this is not so.

Proof-of-Validation (PoV) is a fair, immutable, and fully decentralized blockchain consensus protocol with an O(1) asymptotic message complexity. The original PoV proposal lacks deterministic finality, which guarantees that a valid block will not be revoked once it is committed to the blockchain. Supporting deterministic finality yields a fork-resistant blockchain. In this extended abstract, we pitch the architectural outline of our proposed Finalita, which is the extension of PoV that enables deterministic finality. Blockchains running with Finalita feature deterministic finality, in addition to all qualities supported by the original PoV.

Federated Learning (FL) has gained unprecedented growth in the past few years by facilitating data privacy. This poster proposes a network resource aware federated learning approach that utilizes the concept of knowledge distillation to train a machine learning model by using local data samples. The approach creates different groups based on the bandwidth between clients and server and iteratively applies FL to each group by compressing the model using knowledge distillation. The approach reduces the bandwidth requirement and generates a more robust model trained on the data of all clients without revealing privacy.

How to improve the handover performance is one fundamental issue in high-speed railway communication (HSRC) network. This paper proposes a novel handover enhancement scheme for the Control/User plane split heterogeneous network in the HSRC network. In contrast to traditional handover scheme, the proposed handover scheme triggers the handover on the basis of a predicted reference handover point (RHP) to reduce the communication interruption to both serving and target eNBs. To facilitate the proposed scheme, a nonlinear relationship among RHP, the received signal strength (RSS) and the speed of the train is modeled based the distribution of RSS.Further, a handover trigger scheme is proposed based on Bayesian regression. Simulation results show that compared with traditional handover scheme, the proposed one achieves lower outage probability.